CVE-2024-8531 HIGH

CVE-2024-8531

Vendor Schneider Electric
Product Data Center Expert
Weakness CWE-347
Published October 11, 2024
Last update October 15, 2024

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root.

Key dates

02Disclosure timeline

October 11, 2024 CVE published
October 15, 2024 Record updated